WO1998013970A1 - A system and method for securely transferring plaindata from a first location to a second location - Google Patents

Publication number
WO1998013970A1
Authority
WO
WIPO (PCT)
Prior art keywords
client station
station
clearing
identification information
client
Prior art date
Application number
PCT/US1997/017420
Other languages
French (fr)
Inventor
Jon W. Parsons
Gary L. Anderson
Original Assignee
Wallenstein & Wagner, Ltd.
Priority date
Filing date
Publication date
Application filed by Wallenstein & Wagner, Ltd.
Priority to AU45999/97A
Publication of WO1998013970A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135: Metering

Abstract

The system for securely transferring plaindata (10) from a first location (12) to a second location (14) has a first computer (18) at the first location (12) and a second computer (20) at the second location (14), with the first computer (18) and the second computer (20) being connected to the Internet (16). Through the Internet (16), they are connected to a clearing station (24) and ultimately to a certificate authority (34). In addition, they are connected through the Internet (16) to a private network gateway (31), a private value-added network (32), and an existing VAN client (30).

Description

A SYSTEM AND METHOD FOR SECURELY
TRANSFERRING PLAINDATA FROM A FIRST
LOCATION TO A SECOND LOCATION
Technical Field
The present invention relates to data transfer via a data transport network (the Network), such as a TCP/IP network. The TCP/IP network may be SMTP (Simple Mail Transport Protocol), HTTP (Hypertext Transport Protocol), FTP (File Transfer Protocol), direct IP socket connections, or the like. The present invention relates more particularly to a system and method which provides authentication, non-repudiation, message integrity, confidentiality, and time/date stamping of such data transfer.
Background Prior Art
As electronic commerce, or the transfer of business data such as invoices, via the internet becomes more prevalent, concerns for authentication, non-repudiation, message integrity, confidentiality, and time/date stamping of the data become critical. For example, with electronic commerce, there is no paper trail of the transaction.
The present invention is provided to solve this and other problems.
Summary of the Invention
It is an object of the invention to provide a system for securely transferring a message comprising plaindata from a first location to a second location via a network, such as an SMTP capable transport over a TCP/IP network.
In accordance with the invention, the system comprises a first client station at the first location, a second client station at the second location, and a clearing station storing key encryption identification information for the second client station. Means are provided for communicatively coupling each of the stations to the network. To transfer the plaindata, means associated with the first client station requests the second client station key encryption identification information from the clearing station via the network. Means responsive to the first client station request transfers the second client station key encryption identification information from the clearing station to the first client station via the network. Means associated with the first client station encrypts the plaindata to form cipherdata utilizing the second client station key encryption identification information. Means then transfers the cipherdata from the first client station to the second client station via the network. Means transfers transmit confirmation information from the first client station to the clearing station. The transmit confirmation information indicates to the clearing station that the first client station transmitted the cipherdata to the second client station. Means associated with the second client station decrypts the received cipherdata, and means transfers acknowledgement information from the second client station to each of the first client station and the clearing station. The acknowledgement information confirms to the first client station and the clearing station that the second client station received the message.
It is comprehended that the clearing station stores key encryption identification information for the first client station and that the system includes means associated with the second client station for requesting the first client station public key encryption identification information from the clearing station and means responsive to the request for transferring the first client station public key encryption identification information to the second client station. It is further comprehended that the transmit confirmation information comprises a message number uniquely relating to the plaindata. Alternatively the transmit confirmation information comprises a digest of the plaindata. Still alternatively, the transmit confirmation information comprises the entire plaindata.
It is still further comprehended that the clearing station includes means for providing an audit report of messages sent from the first client station to the second client station. It is yet further comprehended that the system includes encryption key management, including means for updating encryption identification information. Other features and advantages of the invention will be apparent from the following specification taken in conjunction with the following drawing.
Brief Description of Drawings
Figure 1 is a block diagram of a first embodiment of the present invention;
Figure 2 is a block diagram of an expanded embodiment of the present invention; and
Figure 3 is a block diagram of a still further expanded embodiment of the present invention.
Detailed Description
While this invention is susceptible of embodiments in many different forms, there is shown in the drawings and will herein be described in detail, preferred embodiments of the invention with the understanding that the present disclosure is to be considered as an exemplification of the principles of the invention and is not intended to limit the broad aspects of the invention to the embodiments illustrated.
A system, generally designated 10, for securely transferring plaindata from a first location 12 to a second location 14 is disclosed in Figure 1. As used herein, the term "plaindata" means data in its state prior to encryption. Typically plaindata is unencrypted, although it is conceivable that encrypted data could be subject to further encryption, and thus such encrypted data would be plaindata. The plaindata is first encapsulated, using a conventional MIME header and trailer. The encapsulated plaindata is then transferred via a data transport network, such as a TCP/IP (Transport Control Protocol/Internet Protocol) network, referred to herein as internet 16. The network may be SMTP (Simple Mail Transport Protocol, or conventional e-mail). Alternatively, the plaindata can be transferred via HTTP (Hypertext Transport Protocol), FTP (File Transfer Protocol), direct IP socket connections, or the like.
The system comprises a first client station 18 at the first location and a second client station 20 at the second location. The first client station 18 and the second client station 20 are anticipated to be conventional personal computers, or PCs, having respective modems (not specifically shown) connected to a conventional telephone network. The connection to the telephone network may be direct, or over a network such as a local area network.
The system 10 further includes a clearing station 24. The clearing station 24 can also be a conventional PC having a modem connecting the clearing station 24 via a telephone network to the internet 16.
As is well known, there are two conventional models of data encryption, symmetric and asymmetric. According to symmetric data encryption, a single digital number, or key, is used both to encrypt and decrypt plaindata.
According to asymmetric data encryption, two related digital numbers are used. The first number is commonly referred to as a public key and the second number is commonly referred to as a private key. An entity maintains its private key private, as the name suggests, and makes its public key known to those needing it. If the first entity is to send plaindata to a second entity, the first entity encrypts the plaindata into cipherdata using the second entity's public key. The second entity then decrypts the received cipherdata into plaindata using its own private key. Thus once plaindata is encrypted with the second entity's public key, only the holder of the second entity's private key can decrypt the cipherdata. A more complete discussion of data encryption schemes can be found in Computer Communication Security, by Warwick Ford, Prentice-Hall, 1994. Another reference is Applied Cryptography, by Bruce Schneier, published by Counterpane Systems, Oak Park, IL.
The clearing station 24 stores key encryption identification information for the second client station. The key encryption identification information would be the second client station's only key, if symmetric encoding was being utilized, or the key encryption identification information would be the second client station's public key, if asymmetric encoding was being utilized. As noted above, each of the stations 18, 20, 24 is communicatively coupled to the internet 16.
The following is a discussion describing how plaindata is transferred from the first client station 18 to the second client station 20. Software operable by the first client station 18 causes the first client station 18 to contact the clearing station 24 via the internet 16 and requests the second client station key encryption identification information from the clearing station 24. The clearing station 24 automatically responds to the first client station request and transfers the second client station key encryption identification information from the clearing station 24 to the first client station 18 via the internet 16. The first client station 18 then encrypts the plaindata to be sent to the second client station 20 to form cipherdata. This encryption utilizes the second client station key encryption identification information. Once the plaindata is encrypted, the first client station 18 automatically transfers the cipherdata from the first client station 18 to the second client station 20 via the internet 16. In addition, the first client station 18 automatically transfers transmit confirmation information from the first client station 18 to the clearing station 24. The transmit confirmation information indicates to the clearing station 24 that the first client station 18 transmitted the cipherdata to the second client station 20.
After the second client station 20 receives the cipherdata from the first client station 18, the second client station utilizes conventional software to decrypt the received cipherdata. In addition, the second client station 20 automatically transfers acknowledgement information from the second client station 20 to each of the first client station 18 and the clearing station 24. The acknowledgement information confirms to the first client station 18 and the clearing station 24 that the second client station 20 received the plaindata. This provides for bi-lateral non-repudiation of the message.
In the preferred embodiment, the clearing station 24 stores key encryption identification information for the first client station 18. Accordingly the second client station 20 would automatically request the first client station key encryption identification information from the clearing station 24 and the clearing station 24 would respond to the request and transfer the first client station key encryption identification information to the second client station 20. The second client station 20 would use the first client station key encryption identification information to decrypt the message digest of the cipherdata from the first client station 18. The first client station key encryption identification information is also used by the second client station 20 to encrypt any plaindata the second client station 20 would send in response to the first client station 18. The transmit confirmation information may comprise a message number uniquely relating to the plaindata. Alternatively the transmit confirmation information may comprise a digest of the plaindata. Still alternatively, the transmit confirmation information may comprise the entire plaindata.
Over the course of time, the confidentiality of a key may be questioned, and thus the holder of the key may desire the number to be changed. Accordingly the key identification information stored at the clearing station 24, and hence provided to the client stations, can be updated. Additionally, the key identification information stored at the clearing station 24, and hence provided to the client stations, can be automatically updated on a periodic basis.
In addition, a transaction between parties may be challenged. Accordingly, the clearing station 24 provides an audit report of messages sent from the first client station 18 to the second client station 20.
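Added example (not part of the patent): a minimal clearing-station ledger that stores key identification information, records transmit confirmations and acknowledgements, and produces the audit report described above. It assumes the digest form of the transmit confirmation, uses SHA-256 where the page names MD-5, and leaves encryption out; the class, station names and key strings are hypothetical.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def digest(plaindata: bytes) -> str:
    # SHA-256 is swapped in for this example; the page names MD-5.
    return hashlib.sha256(plaindata).hexdigest()


@dataclass
class Entry:
    sender: str
    receiver: str
    sent_digest: str                  # from the sender's transmit confirmation
    key_version: int                  # receiver key version the sender used
    ack_digest: Optional[str] = None  # from the receiver's acknowledgement


class ClearingStation:
    """Hypothetical clearing station: key directory plus message ledger."""

    def __init__(self):
        self.keys = {}     # station -> (version, key identification information)
        self.ledger = {}   # message number -> Entry
        self.orphans = []  # acknowledgements that match no confirmation

    def publish_key(self, station, key):
        """Store or update a station's key; every update bumps the version."""
        version = self.keys.get(station, (0, None))[0] + 1
        self.keys[station] = (version, key)
        return version

    def lookup_key(self, station):
        """Answer a client's request for another station's key."""
        return self.keys[station]

    def confirm_transmit(self, msg_no, sender, receiver, sent_digest, key_version):
        # The message number must relate uniquely to one plaindata.
        if msg_no in self.ledger:
            raise ValueError("message number already used")
        self.ledger[msg_no] = Entry(sender, receiver, sent_digest, key_version)

    def acknowledge(self, msg_no, station, ack_digest):
        entry = self.ledger.get(msg_no)
        # Only the recorded receiver may acknowledge a confirmed message.
        if entry is None or entry.receiver != station:
            self.orphans.append((msg_no, station))
            return False
        entry.ack_digest = ack_digest
        return True

    def audit_report(self, sender, receiver):
        """List (message number, key version, status) for one sender/receiver pair."""
        report = []
        for msg_no, e in sorted(self.ledger.items()):
            if (e.sender, e.receiver) != (sender, receiver):
                continue
            if e.ack_digest is None:
                status = "sent, not acknowledged"
            elif e.ack_digest != e.sent_digest:
                status = "digest mismatch"
            else:
                status = "acknowledged"
            report.append((msg_no, e.key_version, status))
        return report


def demo():
    """Constructed scenario: three messages from station-18 to station-20."""
    cs = ClearingStation()
    cs.publish_key("station-18", "KEY-18-v1")   # constructed key strings
    cs.publish_key("station-20", "KEY-20-v1")
    version, _key = cs.lookup_key("station-20")

    # Message 1: confirmed by the sender and acknowledged with the same digest.
    invoice = b"invoice 1001: 40 widgets"
    cs.confirm_transmit(1, "station-18", "station-20", digest(invoice), version)
    cs.acknowledge(1, "station-20", digest(invoice))

    # Message 2: the receiver acknowledges content that differs from what was sent.
    cs.confirm_transmit(2, "station-18", "station-20",
                        digest(b"invoice 1002: 10 widgets"), version)
    cs.acknowledge(2, "station-20", digest(b"invoice 1002: 90 widgets"))

    # Message 3: confirmed, but only a station that is not the receiver answers.
    cs.confirm_transmit(3, "station-18", "station-20", digest(b"invoice 1003"), version)
    cs.acknowledge(3, "station-99", digest(b"invoice 1003"))

    # Key update: later lookups return the new version, old entries keep theirs.
    cs.publish_key("station-20", "KEY-20-v2")
    return cs, cs.audit_report("station-18", "station-20")


if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```

Because the ledger holds only digests, the clearing station can reconcile what was sent against what was acknowledged without ever holding the plaindata.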
The above discussion related to data transfer from the first client station 18 to the second client station 20. It is intended that similar data transfer may be made from the second client station 20 to the first client station 18. Still further, similar data transfer may be made between an EDI system 30 coupled to the internet 16 via a private network gateway 31 and a private value added network 32 (such as CompuServe) and either of the first client station 18 and/or the second client station 20.
As is well known, a digital certificate can be used with asymmetric encryption to authenticate both that the identified sender is in fact the true sender and that the message was not altered. Accordingly, the sender utilizes a "hashing algorithm" (typically either MD-3 or MD-5 protocols) to transform plaindata to be sent into a "message digest." The "message digest" is then encrypted by the sender using the sender's private key. The encrypted message digest is called the digital certificate, and is attached to the encrypted message and sent to the receiver. The receiver uses the receiver's private key to decrypt the encrypted message. The receiver also uses the sender's public key to decrypt the encrypted message digest, and then uses the hashing function to reform the decrypted message digest to the original message. If the message as reformed from the message digest is the same as the decrypted message as sent, then one knows that the true sender sent the message.
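Added example (not from the patent): the encrypt, sign and verify exchange described above, written with textbook RSA using only the Python standard library. The receiver recomputes the digest over the decrypted message and compares it with the digest recovered from the sender's encrypted digest, since a digest cannot be turned back into the message. SHA-256 replaces the MD-5 named above, the keys are built from publicly known primes and there is no padding, so the function names and key values are for illustration only.

```python
import hashlib

E = 65537  # public exponent shared by both constructed key pairs


def make_keypair(p, q):
    """Textbook RSA: return ((n, e), (n, d)) for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Constructed keys from publicly known Mersenne primes. Anyone can factor
# these moduli, so they show the data flow only and protect nothing.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)


def digest_int(data: bytes) -> int:
    # SHA-256 swapped in for the MD-5 named on the page.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def seal(plaindata: bytes, sender_priv, receiver_pub):
    """Sender side: encrypt to the receiver, then encrypt the digest
    with the sender's private key."""
    n_r, e_r = receiver_pub
    n_s, d_s = sender_priv
    m = int.from_bytes(plaindata, "big")
    if m >= n_r:
        raise ValueError("plaindata too long for this toy key")
    cipherdata = pow(m, e_r, n_r)
    encrypted_digest = pow(digest_int(plaindata), d_s, n_s)
    return cipherdata, encrypted_digest


def open_message(cipherdata, encrypted_digest, receiver_priv, sender_pub):
    """Receiver side: decrypt, recover the sender's digest, recompute and compare."""
    n_r, d_r = receiver_priv
    n_s, e_s = sender_pub
    m = pow(cipherdata, d_r, n_r)
    plaindata = m.to_bytes((m.bit_length() + 7) // 8, "big")
    recovered = pow(encrypted_digest, e_s, n_s)
    if recovered != digest_int(plaindata):
        raise ValueError("digest mismatch: altered message or wrong sender key")
    return plaindata


def accepts(cipherdata, encrypted_digest, receiver_priv, sender_pub) -> bool:
    """True when the receiver's check passes, False when it rejects."""
    try:
        open_message(cipherdata, encrypted_digest, receiver_priv, sender_pub)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    msg = b"PO 7731: ship 12 units"   # constructed sample plaindata
    c, s = seal(msg, SENDER_PRIV, RECEIVER_PUB)
    print(open_message(c, s, RECEIVER_PRIV, SENDER_PUB))
    print("altered cipherdata accepted:", accepts(c ^ 1, s, RECEIVER_PRIV, SENDER_PUB))
    print("wrong sender key accepted:", accepts(c, s, RECEIVER_PRIV, RECEIVER_PUB))
```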
In accordance with the invention, a certificate authority 34, such as Verisign, Inc., of Mountain View, California, creates and manages digital certificates and signatures. The particulars of a certificate authority are discussed by Ford, referenced above.
An expanded version of the invention is illustrated in Figure 2. According to this version, first and second clearing stations 24, 24', and their respective first, second, third and fourth client stations 18, 20, 18', 20' are interconnected by an internet connection between the respective clearing stations 24, 24'. According to this version, if the first client station 18 of the first clearing station 24 desires to transfer plaindata to the fourth client station 20' of the second clearing station 24', the first client station 18 requests the key identification information of the fourth client station 20' via the first and second clearing stations 24, 24'. Thus both clearing stations are required to get the key identification information to the first client station 24. Once the first client station has the key identification information, the plaindata is transferred as discussed above, utilizing the first clearing station for verification.
A still further expanded version of the invention is illustrated in Figure 3. According to this version, first and second clearing stations 24, 24', and their respective first, second, third and fourth client stations 18, 20, 18', 20' are interconnected by a commerce broker 36 between the respective clearing stations 24, 24'. The commerce broker 36 is utilized when a direct connection between clearing stations is not desired, such as when a bank's computer and a bulletin board service are each "clearing stations", and the bank does not want a direct connection with the bulletin board service. Accordingly, a mutually trusted entity is selected to act as the commerce broker 36.
The system 10 operates in conjunction with conventional Windows® based software products, such as accounting systems, spreadsheets, word processing, inventory control, e-mail, or the like, using Windows® API (application program interface).
It will be understood that the invention may be embodied in other specific forms without departing from the spirit or central characteristics thereof. The present examples and embodiments, therefore, are to be considered in all respects as illustrative and not restrictive, and the invention is not to be limited to the details given herein.

Claims

1. A system for securely transferring plaindata from a first location to a second location via a data transport network, the system comprising: a first client station at said first location; a second client station at said second location; a clearing station storing key encryption identification information for said second client station; means for communicatively coupling each of said stations to said network; means associated with said first client station for requesting said second client station key encryption identification information from said clearing station via said network; means responsive to said first client station request for transferring said second client station key encryption identification information from said clearing station to said first client station via said network; means associated with said first client station for encrypting said plaindata to form cipherdata utilizing said second client station key encryption identification information; means for transferring said cipherdata from said first client station to said second client station via said network; means for transferring transit confirmation information from said first client station to said clearing station, said transmit confirmation information indicating to said clearing station that said first client station transmitted said cipherdata to said second client station; means associated with said second client station for decrypting said received cipherdata; and means for transferring acknowledgement information from said second client station to each of said first client station and said clearing station, said acknowledgement information confirming to said first client station and said clearing station that said second client station received said plaindata.
2. The system of claim 1 wherein said clearing station stores key encryption identification information for said first client station and said system includes means associated with said second client station for requesting said first client station public key encryption identification information from said clearing station and means responsive to said request for transferring said first client station public key encryption identification information to said second client station.
3. The system of claim 1 wherein said transmit confirmation information comprises a message number uniquely relating to said plaindata.
4. The system of claim 1 wherein said transmit confirmation information comprises a digest of said plaindata.
5. The system of claim 1 wherein said transmit confirmation information comprises the entire plaindata.
6. The system of claim 1 wherein said clearing station includes means for providing an audit report of plaindata sent from said first client station to said second client station.
7. The system of claim 1 including means for updating encryption identification information.
8. A system for securely transferring plaindata from a first location to a second location via an SMTP capable transport over a TCP/IP network, the system comprising: a first client station at said first location; a second client station at said second location; a clearing station storing key encryption identification information for said second client station; means for communicatively coupling each of said stations to said network; means associated with said first client station for requesting said second client station key encryption identification information from said clearing station via said network; means responsive to said first client station request for transferring said second client station key encryption identification information from said clearing station to said first client station via said network; means associated with said first client station for encrypting said plaindata to form cipherdata utilizing said second client station key encryption identification information; means for transferring said cipherdata from said first client station to said second client station via said network; means for transferring transit confirmation information from said first client station to said clearing station, said transmit confirmation information indicating to said clearing station that said first client station transmitted said cipherdata to said second client station; means associated with said second client station for decrypting said received cipherdata; and means for transferring acknowledgement information from said second client station to each of said first client station and said clearing station, said acknowledgement information confirming to said first client station and said clearing station that said second client station received said plaindata.
9. The system of claim 8 wherein said clearing station stores key encryption identification information for said first client station and said system includes means associated with said second client station for requesting said first client station public key encryption identification information from said clearing station and means responsive to said request for transferring said first client station public key encryption identification information to said second client station.
10. The system of claim 8 wherein said transmit confirmation information comprises a message number uniquely relating to said plaindata.
11. The system of claim 8 wherein said transmit confirmation information comprises a digest of said plaindata.
12. The system of claim 8 wherein said transmit confirmation information comprises the entire plaindata.
13. The system of claim 8 wherein said clearing station includes means for providing an audit report of plaindata sent from said first client station to said second client station.
14. The system of claim 8 including means for updating encryption identification information.
15. A system for securely transferring plaindata from a first location to a second location via an SMTP capable transport over a TCP/IP network, the system comprising: a first client station at said first location; a second client station at said second location, said second client station for storing private key encryption identification information for said second client station; a clearing station for storing public key encryption identification information for said second client station, said public key encryption identification information corresponding to said private key encryption identification information; means for communicatively coupling each of said stations to said network; means associated with said first client station for requesting said second client station public key encryption identification information from said clearing station via said network; means responsive to said first client station request for transferring said second client station public key encryption identification information from said clearing station to said first client station via said network; means associated with said first client station for encrypting said plaindata to form cipherdata utilizing said second client station public key encryption identification information; means for transferring said cipherdata from said first client station to said second client station via said network; means for transferring transit confirmation information from said first client station to said clearing station, said transmit confirmation information indicating to said clearing station that said first client station transmitted said cipherdata to said second client station; means associated with said second client station for utilizing said second client station private key for decrypting said received cipherdata; and means for transferring acknowledgement information from said second client station to each of said first client station and said clearing station, said acknowledgement information confirming to said first client station and said clearing station that said second client station received said plaindata.
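The clearing-station bookkeeping recited in claims 1, 3, 4 and 6 (transmit confirmation, acknowledgement, audit report), as an added Python example that is not part of the patent. It assumes that both the transmit confirmation and the acknowledgement carry a message number and a digest of the plaindata; the class, the status labels, the station names and the use of SHA-256 are hypothetical choices made for the illustration.

```python
import hashlib
from dataclasses import dataclass, field


def digest(plaindata: bytes) -> str:
    """Digest carried in a confirmation (SHA-256 chosen for this example)."""
    return hashlib.sha256(plaindata).hexdigest()


@dataclass
class ClearingStation:
    transmits: dict = field(default_factory=dict)  # msg_no -> (sender, receiver, digest)
    acks: dict = field(default_factory=dict)       # msg_no -> (receiver, digest)

    def record_transmit(self, msg_no, sender, receiver, sent_digest):
        """Transmit confirmation from the sending client station."""
        if msg_no in self.transmits:
            # A message number must relate uniquely to one plaindata.
            raise ValueError(f"message number {msg_no} already used")
        self.transmits[msg_no] = (sender, receiver, sent_digest)

    def record_ack(self, msg_no, receiver, received_digest):
        """Acknowledgement from the receiving client station."""
        self.acks[msg_no] = (receiver, received_digest)

    def audit_report(self):
        """One (msg_no, sender, receiver, status) row per message seen."""
        rows = []
        for msg_no, (sender, receiver, sent) in sorted(self.transmits.items()):
            ack = self.acks.get(msg_no)
            if ack is None:
                status = "UNACKNOWLEDGED"
            elif ack[0] != receiver:
                status = "ACK_FROM_WRONG_STATION"
            elif ack[1] != sent:
                status = "DIGEST_MISMATCH"
            else:
                status = "DELIVERED"
            rows.append((msg_no, sender, receiver, status))
        # Acknowledgements that match no transmit confirmation are reported too.
        for msg_no in sorted(set(self.acks) - set(self.transmits)):
            rows.append((msg_no, None, self.acks[msg_no][0], "ACK_WITHOUT_TRANSMIT"))
        return rows


def demo_report():
    """Constructed traffic between two client stations (sample data)."""
    cs = ClearingStation()
    cs.record_transmit(1, "client-18", "client-20", digest(b"invoice 1001"))
    cs.record_ack(1, "client-20", digest(b"invoice 1001"))
    cs.record_transmit(2, "client-18", "client-20", digest(b"invoice 1002"))
    cs.record_transmit(3, "client-18", "client-20", digest(b"wire 500.00"))
    cs.record_ack(3, "client-20", digest(b"wire 900.00"))
    cs.record_ack(4, "client-20", digest(b"unsolicited"))
    return cs.audit_report()
```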
PCT/US1997/017420 1996-09-26 1997-09-26 A system and method for securely transferring plaindata from a first location to a second location WO1998013970A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU45999/97A AU4599997A (en) 1996-09-26 1997-09-26 A system and method for securely transferring plaindata from a first location to a second location

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US72165496A 1996-09-26 1996-09-26
US08/721,654 1996-09-26

Publications (1)

Publication Number Publication Date
WO1998013970A1 true WO1998013970A1 (en) 1998-04-02

Family

ID=24898776

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/017420 WO1998013970A1 (en) 1996-09-26 1997-09-26 A system and method for securely transferring plaindata from a first location to a second location

Country Status (2)

Country Link
AU (1) AU4599997A (en)
WO (1) WO1998013970A1 (en)

Also Published As

Publication number Publication date
AU4599997A (en) 1998-04-17

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 1998515986

Format of ref document f/p: F

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA